Tommy still sending you his greetings

[Parkinsond]

Content source

https://www.bleepingcomputer.com/news/security/malware-force-installs-chrome-extensions-on-300-000-browsers-patches-dlls/

"i was cleaning up my laptop and found this, i thought it was an auto clicker but i really don’t know. i did some brief searching and it looks suspicious.. can i just delete it and move on or is this ment to be here "

Spoiler

"The most credible thing I've found on internet is that these kind of files are signed by a certain Tommy Tech LTD and installs payloads and malicious browser extensions on your computer via Powershell scripts. It may then use a browser hijacker and redirect you to sketchy websites and may look at your browser history."

Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs

An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser's executables to hijack homepages and steal browsing history.

www.bleepingcomputer.com

Spoiler

 

[Jonny Quest]

It looks like that's from August of 2024, has that not been resolved yet, still sending his greetings? I didn't see that article as being recently updated, unless I'm just not seeing it?

 

[Parkinsond]

It looks like that's from August of 2024, has that not been resolved yet, still sending his greetings? I didn't see that article as being recently updated, unless I'm just not seeing it?

Looks that signing malware represent a challenge for AVs to detect.

 

[Victor M]

Just do a full scan again. If your AV can't detect anything and you still worry about some past action it may have taken then re-install Windows. If you don't remember what the setup.exe was for then it is useless to you.

 

[Parkinsond]

If your AV can't detect anything and you still worry about some past action it may have taken then re-install Windows

Why to worry! It is signed by Tommy:

 

[stonjean633]

Just do a full scan again. If your AV can't detect anything and you still worry about some past action it may have taken then re-install Windows. If you don't remember what the setup.exe was for then it is useless to you.

Or try a System Restore. Some malware won't survive that if they are not persistent.

 

[Parkinsond]

Or try a System Restore. Some malware won't survive that if they are not persistent.

Actually it was not me; it is quoted from Reddit.
Reposted to emphasize the role of signed malware in bypassing security solutions.

 

[Victor M]

@Parkinsond Could you please emphasize next time that this is not your problem and you are quoting some forum message from somewhere?
People think that you are posting about an event that is happening to you ! Perhaps by adding a line in the beginning of the message "Quoted from Reddit".

 

[Parkinsond]

@Parkinsond Could you please emphasize next time that this is not your problem and you are quoting some forum message from somewhere?
People think that you are posting about an event that is happening to you !

Apologies.
The whole text is inbetween quotation marks "" and the whole post with photos is quoted from toolbar, with the link of both the Reddit post and Bleebingcomputer article about this specific malware; what more should I do?!

 

[Victor M]

I think you should begin the message with "Quoted from Reddit:"

 

[Parkinsond]

I think you should begin the message with "Quoted from Reddit:"

I preferred not mention Reddit as the data are not exclusive to; it is shared between Reddit and Bleebing Computer.
If is my personal experience, I would select "advice request".

 

[Victor M]

But saying 'advice request' and using the pronoun 'I' would make people think that you yourself is in need of advice.

 

[Parkinsond]

But saying 'advice request' and using the pronoun 'I' would make people think that you yourself is in need of advice.

Sorry for causing confusion; I thought quotation marks are obvious.